Using Natural Language Tool to Assist VPRG Automated Extraction from Textual Vulnerability Description

This paper presents an application of Natural Language Tool (NLT) to support the VPRG extraction of text based vulnerability description. The NLT is used to analyze the text-based vulnerability descriptions to retrieve vulnerability properties and evaluate their relationships. Then, a graph based VPRG model that describes the vulnerability can be established. Finally, with fine-tuning from domain expertise, the VPRG model can be useful for analyzing and evaluating web-based vulnerabilities. This approach is proposed to support automatic VPRG extraction from several online database resources as well as vulnerability analysis.